Facebook and Twitter Can Endanger Your Security Clearance Health

On the Homeland Security Watch blog earlier today, an article was reposted concerning the use of popular social networking tools and their possible endangering of a professional’s security clearance.

Here is my response:

Yes, professionals with security clearances have many concerns when it comes to maintaining their clearances. These are professionals who we have entrusted the security of many levels of classified information to and they have been provided training, support and continual guidance on how to maintain their security cleared status both online and offline. It is unfortunate that there are a few incidents which tend skew the viewpoint that these professionals are easy targets to foreign intelligence agencies.

There are many people, many more people than you, think that have security clearances and do actively participate in social networks at many levels both in an open community and closed communities. These security cleared professionals do the same things that many other professionals do online in these social networks – their monitor their interactions, share information with approved sources and are diligent about the way they interact within these communities.

As government agencies move to utilize and leverage these social networks to collaborate with others inside the government and to respond to citizen requests, professionals with security clearances are going to have to be more comfortable using these tools and operating in an open social community – just as they do in the offline world.

Leave a Comment

13 Comments

Leave a Reply

Profile Photo Henry Brown

Would offer that your last paragraph “As government agencies move to utilize and leverage these social networks to collaborate with others inside the government and to respond to citizen requests, professionals with security clearances are going to have to be more comfortable using these tools and operating in an open social community – just as they do in the offline world.” MIGHT need a caveat…

Any one with a security clearance needs to understand the risks prior to ANY socialization, online or off. Yes the risk assessment can become a natural part of the process but IMO it must always be done

Profile Photo Candace Riddle

Completely agreed. Individuals and companies must become more comfortable with the social networking wave. There certainly are ways to opperate while maintaining the integrity of self and group.
I currently work in the finance industry (which is also heavily regulated). Currently my company does not allow for me to use social networking to drive business. Unfortunate, given the recent success that I’ve seen in our area across various industry lines.

Candace

Profile Photo Kathleen Smith

Another comment on the blog asks if there should be limits to social networking activity. My response is:

One of the founding principles of communities is that they can be and for the most part are self governing. Each individual armed with the proper knowledge and training can operate within in a community and be able to evaluate the benefits and the risks.

A challenge with so many in the security cleared world is that for many of them they have not been provided training or guidance on how to operate that actual tools such as privacy controls or evaluating invitations that they don’t participate in the communities at all. This is a dissservice to them and the communities they could participate in.

Candace – I know that there are many limits in the finance industry and also many in my industry of recruiting. There is a line to observe as we look to engage more with customers or others in general. From a recent conference, the term was go “rogue” and I am so glad that many in the Government have already done that such as TSA and others to push the envelope on community engagement.

Profile Photo Kathleen Smith

Philip
All good comments. Thanks for adding them into the stream.

This discussion is interesting especially in light of the classes that I teach once a month at the agencies concerning how to use the internet and social media to find a job. You have to use these tools to move your career forward – one way or another. I preface the class that 1) the class has been approved by the Director of Security 2) these are tools that should be incorporated at a person’s comfort level and knowledge 3) that I am there to present the tools with an overview of how they are being used in recruiting and to demystify them. In the end it is the security cleared professional’ own judgment on how to move forward.

The responses in the class are the full gamut from “there is no way I am using any of this!” to “oh, I thought these were just for fun now I know I can use them for education and career development”.

The social experience is a personal experience and each person will have their own comfort level of how to engage. A longstanding challenge has been an unofficial/official guideline which stated “don’t be online” which had its time and place, but now needs to be replaced with training and guidance on how to best use these tools and monitor the risks.

Profile Photo Carey Bandler

What a great, and timely conversation. I was contemplating, just this morning, writing a blog entry about just this sort of issue. I was spurred more by a recent Facebook friend who posted a status update about a contract award. He was excited and hastily posted without thinking of the potential ramifications of his actions. The timing of his post was after notification from the customer/contract officer but prior to execution of the actual contract. His post also included the name of the customer organization without their permission. At the extreme, he could have cost his company the contract.

Just like when Sen. Hoekstra Tweeted about his secret trip to Iraq, there needs to be an OPSEC consideration. Not just for national security, but also privacy concerns and the like.There should be a course in Social Networking that addresses the uses/purposes but also addresses awareness of content/postings as well as operational security techniques and considerations.